A site that is providing public access to an information server must incorporate this access into the firewall design. While the information server itself creates specific security concerns, the information server should not become a vulnerability to the security of the protected site. Policy should reflect the philosophy that the security of the site will not be compromised in order to provide an information service.
One can make a useful distinction that information server traffic, i.e., the traffic concerned with retrieving information from an organization's information server, is fundamentally different from other "conduct of business" traffic such as e-mail (or other information server traffic for the purposes of business research). The two types of traffic have their own risks and do not necessarily need to be mixed with each other.
Section discusses incorporating an information server into the firewall design. The screened subnet and dual-homed gateway firewall examples show information servers that can be located on a screened subnet and in effect be isolated from other site systems. This reduces the chance that an information server could be compromised and then used to attack site systems.
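As an added illustration, not part of the original document, the following Python model expresses the screened-subnet policy the text describes as a first-match rule table and includes an audit check for the isolation property; the address plan, the service ports (80/443 public, 22 for administration) and the rule layout are assumptions.

```python
import ipaddress

# Constructed address plan (an assumption, not taken from the document).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/16"),  # protected site systems
    "dmz": ipaddress.ip_network("192.0.2.0/24"),       # screened subnet
}
INFO_SERVER = ipaddress.ip_address("192.0.2.10")       # the public information server

def zone_of(addr):
    """Map an address to internal, dmz, or external (anything outside ZONES)."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

# A rule is (src_zone, dst_zone, dst_host or None, dst_port or None, action).
# First match wins; anything unmatched is denied.
POLICY = [
    # Outsiders reach only the information server, only on its public ports (assumed 80/443).
    ("external", "dmz", INFO_SERVER, 80, "allow"),
    ("external", "dmz", INFO_SERVER, 443, "allow"),
    # Site staff may use and maintain the server (port 22 for administration is assumed).
    ("internal", "dmz", INFO_SERVER, 22, "allow"),
    ("internal", "dmz", INFO_SERVER, 80, "allow"),
    # "Conduct of business" traffic from the site outward is its own class of traffic.
    ("internal", "external", None, None, "allow"),
    # The screened subnet never initiates into the site, so a compromised
    # information server has no path to the protected systems.
    ("dmz", "internal", None, None, "deny"),
]

def decide(src, dst, dport):
    """Return 'allow' or 'deny' for a new connection attempt src -> dst:dport."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    dst_ip = ipaddress.ip_address(dst)
    for s, d, host, port, action in POLICY:
        if (s, d) == (src_zone, dst_zone) and host in (None, dst_ip) \
                and port in (None, dport):
            return action
    return "deny"

def dmz_is_isolated(policy=POLICY):
    """Audit check: no rule lets the screened subnet initiate into the site."""
    return not any(s == "dmz" and d == "internal" and a == "allow"
                   for s, d, _, _, a in policy)
```

The audit function is the check to run whenever the rule table changes: the policy stays sound only while no allow rule exists from the screened subnet into the site.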